mirror of
https://github.com/moparisthebest/open-keychain
synced 2024-12-25 00:18:51 -05:00
make getSignId a secret key operation, and respect unavailable keys
This one should remedy #811, but waiting for a test
This commit is contained in:
parent
9a296c012d
commit
37cb5c4c78
@ -78,7 +78,7 @@ public abstract class CanonicalizedKeyRing extends KeyRing {
|
|||||||
|
|
||||||
public long getEncryptId() throws PgpGeneralException {
|
public long getEncryptId() throws PgpGeneralException {
|
||||||
for(CanonicalizedPublicKey key : publicKeyIterator()) {
|
for(CanonicalizedPublicKey key : publicKeyIterator()) {
|
||||||
if(key.canEncrypt()) {
|
if (key.canEncrypt() && key.isValid()) {
|
||||||
return key.getKeyId();
|
return key.getKeyId();
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@ -94,24 +94,6 @@ public abstract class CanonicalizedKeyRing extends KeyRing {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
public long getSignId() throws PgpGeneralException {
|
|
||||||
for(CanonicalizedPublicKey key : publicKeyIterator()) {
|
|
||||||
if(key.canSign()) {
|
|
||||||
return key.getKeyId();
|
|
||||||
}
|
|
||||||
}
|
|
||||||
throw new PgpGeneralException("No valid signing key found!");
|
|
||||||
}
|
|
||||||
|
|
||||||
public boolean hasSign() throws PgpGeneralException {
|
|
||||||
try {
|
|
||||||
getSignId();
|
|
||||||
return true;
|
|
||||||
} catch (PgpGeneralException e) {
|
|
||||||
return false;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
public void encode(OutputStream stream) throws IOException {
|
public void encode(OutputStream stream) throws IOException {
|
||||||
getRing().encode(stream);
|
getRing().encode(stream);
|
||||||
}
|
}
|
||||||
|
@ -104,4 +104,10 @@ public class CanonicalizedPublicKey extends UncachedPublicKey {
|
|||||||
public Integer getKeyUsage() {
|
public Integer getKeyUsage() {
|
||||||
return super.getKeyUsage();
|
return super.getKeyUsage();
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/** Returns whether this key is valid, ie not expired or revoked. */
|
||||||
|
public boolean isValid() {
|
||||||
|
return !isRevoked() && !isExpired();
|
||||||
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
|
@ -30,6 +30,8 @@ import org.spongycastle.openpgp.operator.PBESecretKeyDecryptor;
|
|||||||
import org.spongycastle.openpgp.operator.jcajce.JcePBESecretKeyDecryptorBuilder;
|
import org.spongycastle.openpgp.operator.jcajce.JcePBESecretKeyDecryptorBuilder;
|
||||||
import org.sufficientlysecure.keychain.Constants;
|
import org.sufficientlysecure.keychain.Constants;
|
||||||
import org.sufficientlysecure.keychain.pgp.exception.PgpGeneralException;
|
import org.sufficientlysecure.keychain.pgp.exception.PgpGeneralException;
|
||||||
|
import org.sufficientlysecure.keychain.provider.KeychainContract;
|
||||||
|
import org.sufficientlysecure.keychain.provider.ProviderHelper;
|
||||||
import org.sufficientlysecure.keychain.util.IterableIterator;
|
import org.sufficientlysecure.keychain.util.IterableIterator;
|
||||||
import org.sufficientlysecure.keychain.util.Log;
|
import org.sufficientlysecure.keychain.util.Log;
|
||||||
|
|
||||||
@ -74,43 +76,18 @@ public class CanonicalizedSecretKeyRing extends CanonicalizedKeyRing {
|
|||||||
return new CanonicalizedSecretKey(this, mRing.getSecretKey(id));
|
return new CanonicalizedSecretKey(this, mRing.getSecretKey(id));
|
||||||
}
|
}
|
||||||
|
|
||||||
/** Getter that returns the subkey that should be used for signing. */
|
/** Returns the key id which should be used for signing.
|
||||||
CanonicalizedSecretKey getSigningSubKey() throws PgpGeneralException {
|
*
|
||||||
PGPSecretKey key = mRing.getSecretKey(getSignId());
|
* This method returns keys which are actually available (ie. secret available, and not stripped,
|
||||||
if(key != null) {
|
* revoked, or expired), hence only works on keyrings where a secret key is available!
|
||||||
CanonicalizedSecretKey cKey = new CanonicalizedSecretKey(this, key);
|
*/
|
||||||
if(!cKey.canSign()) {
|
public long getSecretSignId() throws PgpGeneralException {
|
||||||
throw new PgpGeneralException("key error");
|
for(CanonicalizedSecretKey key : secretKeyIterator()) {
|
||||||
}
|
if (key.canSign() && key.isValid() && key.getSecretKeyType().isUsable()) {
|
||||||
return cKey;
|
return key.getKeyId();
|
||||||
}
|
|
||||||
// TODO handle with proper exception
|
|
||||||
throw new PgpGeneralException("no signing key available");
|
|
||||||
}
|
|
||||||
|
|
||||||
public boolean hasPassphrase() {
|
|
||||||
PGPSecretKey secretKey = null;
|
|
||||||
boolean foundValidKey = false;
|
|
||||||
for (Iterator keys = mRing.getSecretKeys(); keys.hasNext(); ) {
|
|
||||||
secretKey = (PGPSecretKey) keys.next();
|
|
||||||
if (!secretKey.isPrivateKeyEmpty()) {
|
|
||||||
foundValidKey = true;
|
|
||||||
break;
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
if(!foundValidKey) {
|
throw new PgpGeneralException("no valid signing key available");
|
||||||
return false;
|
|
||||||
}
|
|
||||||
|
|
||||||
try {
|
|
||||||
PBESecretKeyDecryptor keyDecryptor = new JcePBESecretKeyDecryptorBuilder()
|
|
||||||
.setProvider("SC").build("".toCharArray());
|
|
||||||
PGPPrivateKey testKey = secretKey.extractPrivateKey(keyDecryptor);
|
|
||||||
return testKey == null;
|
|
||||||
} catch(PGPException e) {
|
|
||||||
// this means the crc check failed -> passphrase required
|
|
||||||
return true;
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
public IterableIterator<CanonicalizedSecretKey> secretKeyIterator() {
|
public IterableIterator<CanonicalizedSecretKey> secretKeyIterator() {
|
||||||
|
@ -56,10 +56,6 @@ public abstract class KeyRing {
|
|||||||
|
|
||||||
abstract public boolean hasEncrypt() throws PgpGeneralException;
|
abstract public boolean hasEncrypt() throws PgpGeneralException;
|
||||||
|
|
||||||
abstract public long getSignId() throws PgpGeneralException;
|
|
||||||
|
|
||||||
abstract public boolean hasSign() throws PgpGeneralException;
|
|
||||||
|
|
||||||
abstract public int getVerified() throws PgpGeneralException;
|
abstract public int getVerified() throws PgpGeneralException;
|
||||||
|
|
||||||
private static final Pattern USER_ID_PATTERN = Pattern.compile("^(.*?)(?: \\((.*)\\))?(?: <(.*)>)?$");
|
private static final Pattern USER_ID_PATTERN = Pattern.compile("^(.*?)(?: \\((.*)\\))?(?: <(.*)>)?$");
|
||||||
|
@ -51,12 +51,9 @@ public class UncachedPublicKey {
|
|||||||
|
|
||||||
/** The revocation signature is NOT checked here, so this may be false! */
|
/** The revocation signature is NOT checked here, so this may be false! */
|
||||||
public boolean isRevoked() {
|
public boolean isRevoked() {
|
||||||
for (PGPSignature sig : new IterableIterator<PGPSignature>(
|
return mPublicKey.getSignaturesOfType(isMasterKey()
|
||||||
mPublicKey.getSignaturesOfType(isMasterKey() ? PGPSignature.KEY_REVOCATION
|
? PGPSignature.KEY_REVOCATION
|
||||||
: PGPSignature.SUBKEY_REVOCATION))) {
|
: PGPSignature.SUBKEY_REVOCATION).hasNext();
|
||||||
return true;
|
|
||||||
}
|
|
||||||
return false;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
public Date getCreationTime() {
|
public Date getCreationTime() {
|
||||||
|
@ -135,65 +135,33 @@ public class CachedPublicKeyRing extends KeyRing {
|
|||||||
|
|
||||||
@Override
|
@Override
|
||||||
public long getEncryptId() throws PgpGeneralException {
|
public long getEncryptId() throws PgpGeneralException {
|
||||||
try {
|
|
||||||
Cursor subkeys = getSubkeys();
|
|
||||||
if (subkeys != null) {
|
|
||||||
try {
|
|
||||||
while (subkeys.moveToNext()) {
|
|
||||||
if (subkeys.getInt(subkeys.getColumnIndexOrThrow(KeychainContract.Keys.CAN_ENCRYPT)) != 0) {
|
|
||||||
return subkeys.getLong(subkeys.getColumnIndexOrThrow(KeychainContract.Keys.KEY_ID));
|
|
||||||
}
|
|
||||||
}
|
|
||||||
} finally {
|
|
||||||
subkeys.close();
|
|
||||||
}
|
|
||||||
}
|
|
||||||
} catch(Exception e) {
|
|
||||||
throw new PgpGeneralException(e);
|
|
||||||
}
|
|
||||||
throw new PgpGeneralException("No encrypt key found");
|
|
||||||
}
|
|
||||||
|
|
||||||
@Override
|
|
||||||
public boolean hasEncrypt() throws PgpGeneralException {
|
|
||||||
try {
|
try {
|
||||||
Object data = mProviderHelper.getGenericData(mUri,
|
Object data = mProviderHelper.getGenericData(mUri,
|
||||||
KeychainContract.KeyRings.HAS_ENCRYPT,
|
KeyRings.HAS_ENCRYPT,
|
||||||
ProviderHelper.FIELD_TYPE_INTEGER);
|
ProviderHelper.FIELD_TYPE_INTEGER);
|
||||||
return (Long) data > 0;
|
return (Long) data;
|
||||||
} catch(ProviderHelper.NotFoundException e) {
|
} catch(ProviderHelper.NotFoundException e) {
|
||||||
throw new PgpGeneralException(e);
|
throw new PgpGeneralException(e);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public long getSignId() throws PgpGeneralException {
|
public boolean hasEncrypt() throws PgpGeneralException {
|
||||||
try {
|
return getEncryptId() != 0;
|
||||||
Cursor subkeys = getSubkeys();
|
|
||||||
if (subkeys != null) {
|
|
||||||
try {
|
|
||||||
while (subkeys.moveToNext()) {
|
|
||||||
if (subkeys.getInt(subkeys.getColumnIndexOrThrow(KeychainContract.Keys.CAN_SIGN)) != 0) {
|
|
||||||
return subkeys.getLong(subkeys.getColumnIndexOrThrow(KeychainContract.Keys.KEY_ID));
|
|
||||||
}
|
|
||||||
}
|
|
||||||
} finally {
|
|
||||||
subkeys.close();
|
|
||||||
}
|
|
||||||
}
|
|
||||||
} catch(Exception e) {
|
|
||||||
throw new PgpGeneralException(e);
|
|
||||||
}
|
|
||||||
throw new PgpGeneralException("No sign key found");
|
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
/** Returns the key id which should be used for signing.
|
||||||
public boolean hasSign() throws PgpGeneralException {
|
*
|
||||||
|
* This method returns keys which are actually available (ie. secret available, and not stripped,
|
||||||
|
* revoked, or expired), hence only works on keyrings where a secret key is available!
|
||||||
|
*
|
||||||
|
*/
|
||||||
|
public long getSecretSignId() throws PgpGeneralException {
|
||||||
try {
|
try {
|
||||||
Object data = mProviderHelper.getGenericData(mUri,
|
Object data = mProviderHelper.getGenericData(mUri,
|
||||||
KeychainContract.KeyRings.HAS_SIGN,
|
KeyRings.HAS_SIGN,
|
||||||
ProviderHelper.FIELD_TYPE_INTEGER);
|
ProviderHelper.FIELD_TYPE_INTEGER);
|
||||||
return (Long) data > 0;
|
return (Long) data;
|
||||||
} catch(ProviderHelper.NotFoundException e) {
|
} catch(ProviderHelper.NotFoundException e) {
|
||||||
throw new PgpGeneralException(e);
|
throw new PgpGeneralException(e);
|
||||||
}
|
}
|
||||||
|
@ -293,7 +293,7 @@ public class OpenPgpService extends RemoteService {
|
|||||||
// Find the appropriate subkey to sign with
|
// Find the appropriate subkey to sign with
|
||||||
CachedPublicKeyRing signingRing =
|
CachedPublicKeyRing signingRing =
|
||||||
new ProviderHelper(this).getCachedPublicKeyRing(accSettings.getKeyId());
|
new ProviderHelper(this).getCachedPublicKeyRing(accSettings.getKeyId());
|
||||||
final long sigSubKeyId = signingRing.getSignId();
|
final long sigSubKeyId = signingRing.getSecretSignId();
|
||||||
|
|
||||||
// sign-only
|
// sign-only
|
||||||
PgpSignEncrypt.Builder builder = new PgpSignEncrypt.Builder(
|
PgpSignEncrypt.Builder builder = new PgpSignEncrypt.Builder(
|
||||||
@ -405,7 +405,7 @@ public class OpenPgpService extends RemoteService {
|
|||||||
// Find the appropriate subkey to sign with
|
// Find the appropriate subkey to sign with
|
||||||
CachedPublicKeyRing signingRing =
|
CachedPublicKeyRing signingRing =
|
||||||
new ProviderHelper(this).getCachedPublicKeyRing(accSettings.getKeyId());
|
new ProviderHelper(this).getCachedPublicKeyRing(accSettings.getKeyId());
|
||||||
final long sigSubKeyId = signingRing.getSignId();
|
final long sigSubKeyId = signingRing.getSecretSignId();
|
||||||
|
|
||||||
String passphrase;
|
String passphrase;
|
||||||
if (data.hasExtra(OpenPgpApi.EXTRA_PASSPHRASE)) {
|
if (data.hasExtra(OpenPgpApi.EXTRA_PASSPHRASE)) {
|
||||||
|
@ -294,7 +294,7 @@ public class KeychainIntentService extends IntentService implements Progressable
|
|||||||
// Find the appropriate subkey to sign with
|
// Find the appropriate subkey to sign with
|
||||||
CachedPublicKeyRing signingRing =
|
CachedPublicKeyRing signingRing =
|
||||||
new ProviderHelper(this).getCachedPublicKeyRing(sigMasterKeyId);
|
new ProviderHelper(this).getCachedPublicKeyRing(sigMasterKeyId);
|
||||||
long sigSubKeyId = signingRing.getSignId();
|
long sigSubKeyId = signingRing.getSecretSignId();
|
||||||
|
|
||||||
// Set signature settings
|
// Set signature settings
|
||||||
builder.setSignatureMasterKeyId(sigMasterKeyId)
|
builder.setSignatureMasterKeyId(sigMasterKeyId)
|
||||||
|
Loading…
Reference in New Issue
Block a user